Wednesday, February 15, 2012

Deploying new workstations in large corporate environments can be a headache. When you have hundreds of boxes to roll out, you need a way to avoid repetitive, time-consuming work. Imaging software allows sysadmins to make a copy of a hard drive to use for recovery, but you can also use imaging software to create identical configurations on users’ machines. The FOG imaging application runs on Linux and lets you image Windows XP, Vista, and 7 clients using a web-based GUI for administration.

FOG is network-based, which means you don’t need to visit each workstation with bootable media. Clients boot via Intel’s Preboot eXecution Environment (PXE) and you do most of the work from the server software’s control panel. The software setup includes a server based on CentOS 6.2 and a Windows 7 client that you use to create an image. The server needs enough disk space to hold the images you plan to deploy, along with a Gigabit Ethernet card/switch combo and plenty of RAM and processor power. Most, if not all, of FOG’s functions will also work on a server running CentOS 5.x, but I tested FOG 0.32 on CentOS 6.2.

Because FOG works by booting its clients over the network, it offers TFTP, DHCP, and HTTP services. The nice part is you don’t have to do anything to configure them, as FOG offers a server installation script that downloads, installs, and sets up the server packages you need.

After getting the files, unpack the archive to a directory of your choice, change to that directory, and, as root, execute the script by typing ./installfog.sh. Unless you have some fancy settings, setting up a regular FOG server is mainly a matter of pressing Enter, with some caveats. By default it installs itself in /opt; you can (and need to) change some installer script settings from the directory where the downloaded files are, as you will see below.

The most relevant documentation about installing FOG on Red Hat-based systems covers CentOS 5.3. With this document handy, and after some trial and error, I managed to install FOG. The first point to remember is that you can’t use PXE if the server has a dynamic (DHCP) address on the interface used to communicate with the client. This is what the PXE specification says and there’s nothing you or I can do about it, so set up your server’s Ethernet connection so it will have a fixed IP. You can accomplish this if you’re deploying virtual machines by first setting the server NIC in bridge mode and then proceeding with the network setup.

You can do all of the following FOG configuration without installing a desktop environment on the server. When you’re done, test whether the server works by pointing a browser on a client on your network at http://x.x.x.x/fog/management and logging in with the username “fog” and the password “password.”

Disable the firewall and SELinux on the FOG server, or if you really feel compelled, alter the rules so both allow the traffic you need for FOG. The services you are interested in here are FTP, HTTP, MySQL, DHCPD, NFS, and ClamAV. It may seem like a security risk to run a server without a firewall, but an imaging server doesn’t really stand a chance of being exposed to the outside world on a well-designed network.
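
For the "alter the rules" alternative, here is an added example (not from the original article or the FOG project): a shell function that prints an iptables-restore ruleset admitting only the services named above, and only from the imaging subnet. The subnet, interface and admin address are constructed sample values; pinning rpc.mountd to port 892 and loading the nf_conntrack_ftp helper are assumptions about how the server is set up.

```sh
#!/bin/sh
# Added example: print an iptables-restore ruleset for a single-node FOG server.
# Assumptions (not from the article): the imaging subnet, interface and admin
# host are passed in; rpc.mountd is pinned to 892 (MOUNTD_PORT in
# /etc/sysconfig/nfs); nf_conntrack_ftp is loaded for passive FTP data.
fog_rules() {
    subnet=$1; iface=$2; admin=$3
    # Reject anything not shaped like a.b.c.d/nn (a typo, "any", an empty value).
    printf '%s\n' "$subnet" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || {
        echo "usage: fog_rules <a.b.c.d/nn> <iface> [admin-ip]" >&2; return 2; }
    [ -n "$iface" ] || { echo "fog_rules: missing interface" >&2; return 2; }

    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # MySQL is reached by the web UI over loopback only; 3306 is never opened.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Return traffic, incl. TFTP transfers (the server answers from an ephemeral
    # port) and FTP data channels tracked by the conntrack helper.
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # DHCPDISCOVER is sent from 0.0.0.0, so it cannot be limited by source.
    printf '%s\n' "-A INPUT -i $iface -p udp --dport 67 -j ACCEPT"
    # FTP, HTTP, rpcbind, NFS, mountd over TCP from the imaging subnet.
    for port in 21 80 111 2049 892; do
        printf '%s\n' "-A INPUT -i $iface -s $subnet -p tcp -m state --state NEW --dport $port -j ACCEPT"
    done
    # TFTP, rpcbind, NFS, mountd over UDP from the imaging subnet.
    for port in 69 111 2049 892; do
        printf '%s\n' "-A INPUT -i $iface -s $subnet -p udp --dport $port -j ACCEPT"
    done
    # Optional SSH for the administrator's workstation only.
    if [ -n "$admin" ]; then
        printf '%s\n' "-A INPUT -s $admin -p tcp --dport 22 -j ACCEPT"
    fi
    printf '%s\n' 'COMMIT'
}

# Constructed sample values; review the output before installing it:
#   fog_rules 10.0.50.0/24 eth1 10.0.50.10 > /etc/sysconfig/iptables
#   service iptables restart
```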

Make sure you have the rpmforge repository installed, as outlined in FOG’s install notes, and make sure you use the FOG RPM corresponding to your version of CentOS. Scroll to the bottom of the install doc page and change the timezone settings according to the instructions there, using your specific timezone, or FOG will spam your tty1 console with warnings.

Managing FOG

Based on the answers you give at installation time, FOG automatically manages settings for all the server software it installs, including all of the software I just mentioned above. Familiarize yourself with the web interface to see what facilities it offers. Take particular note of Task Management -> List All Hosts -> Advanced. Of course, in order to use the facilities you need an image and a working client, but you will see how capable FOG really is. For example, if you have an image of an infested Windows system, FOG will use ClamAV to decontaminate the image, if at all possible. Because it uses MySQL as a back end, FOG can create a useful database about your clients, including settings and hardware configuration.

When you select a menu from the upper part of the web interface, its submenus appear on the left, and usually have the form

New...
List All...
Add New...

The main menus include users, groups, images, hosts, storage, printers, configuration, tasks, and reports. FOG provides the tools you need to organize your imaging work and generate PDF or CSV reports of hosts, imaging, inventory, or even virus history. It also supports expanding your hosts database by importing CSV files.

Creating a Client Image

FOG’s documentation recommends starting with a completely clean disk on the client machine whose image you want to deploy, in order to eliminate potential problems such as undetected viruses or corrupted master boot records. It’s easy to initialize a disk by booting from a live CD and running a command like:

# dd if=/dev/zero of=/dev/sdx

Then install Windows normally. I installed Windows 7 using the default two-partition scenario. Create a user, install updates and any software you think you need, but keep in mind that it’s easy to overdo it and make the resulting image unnecessarily big. I recommend you stick to only what you know is necessary.

Next, make sure you trim the space taken by the system as much as you can, for example by lowering the amount of disk space System Restore is allowed to use. After you’ve taken all these steps and you have created a Windows default profile, create an image of the system using FOG. You’re not going to deploy this image to your entire network, because there’s another step you have to run first, but before you take it, you need to make certain that you have a working image by deploying it to a test box. Here’s how to create the image with FOG.

Check that everything’s working OK server-side by booting the client off the network. Your network card on the client needs to support PXE; nowadays most of them do. If the server and connections are working, you should see on the client’s screen a GRUB menu with the following items:

Select “Full host registration”; that’s the process that informs the server about the client’s networking information, hardware config, and OS type. Instead of booting from the client, you could do this from the GUI by going to Host management -> Add new host. A host is just another name for a client that FOG can manage. Once you’ve registered your host, going to Host Management -> List all hosts should show you the client you just registered, with all the information.

When you’re dealing with virtual (VM) clients, make sure that their MAC addresses are fixed, or unpredictable surprises will show up, because FOG uses the MAC information to uniquely identify clients, and it will get confused if the same client has different MAC addresses at different times. Create a new stored image corresponding to the newly registered client by using the GUI and going to Image Management -> New Image, and you have all the basics in place.

Now we’re ready to make a stored image of the Windows 7 system. If you already created one, we can move on to associating that image with our client from the graphical menu: Host management -> List all hosts -> the edit button next to your host -> Host image. Finally, use Task management -> List all hosts and press the upload arrow corresponding to the desired host. Boot the client from the network and watch FOG upload your image from the host you selected. You can monitor the process in the Tasks menu. After all’s done, the client will reboot.

Boot the client normally into Windows and install FOG’s client-side software, which you need in order to prepare the system for imaging. You can download it from the server at http://x.x.x.x/fog/client. After installation, I recommend you use the default settings, but you can modify them if you need to at install time, to change options such as auto-logout. Reboot, and you should see the FOG client started in the system tray. If you use Windows 7, you should use the other download link at the address above, in order to get FOG prep, which, as the name implies, makes some changes to prepare the Windows system for imaging. Using FOG prep is mandatory on Windows 7 after you make the first, bigger FOG image. The project’s documentation explains this whole process in detail.

Once you’re sure your image works, run Microsoft’s Sysprep deployment tool on the client, which will make lots of changes to your system. After Sysprep has run (Microsoft’s knowledge base will provide guidance if you get stuck), make another image using the instructions above and, since this should become the production one, test it extensively after deploying it on a test machine.

At last you have an image on your FOG server that you can distribute. If you think the process sounds a bit complicated, here’s the short variant: First image -> Test -> FOG prep -> Sysprep -> Final image -> Test.

When you start using FOG to deploy multiple clients, I recommend you use the host groups facility to separate your clients depending on their type, purpose, or location, in order to make it easier later to apply settings or deploy images to more than one client. Just create groups depending on your setup, then attach the clients to the group they belong to. Later, when you need to deploy an existing image to more than one computer, you can do that by using groups, so all clients belonging to the same group benefit from the same image, thus shortening the deployment time by orders of magnitude. To deploy an image to a new client or group, use the down arrow associated with your target on the administration interface.

Conclusion

Not only does FOG simplify the tedious task of rolling out an operating system to multiple clients, but FOG is also a great disk space saver. Stored images are compressed using gzip, and if you have a 500GB disk that needs to be imaged and it stores only 100GB of data, only the 100GB will be taken into consideration.

Ease of configuration, along with a plethora of options for both beginners and gurus, makes FOG an attractive solution to a system administration headache.